<?php
include_once("inc.admin.php");
$this_title="$vars[admin_title] - Add Admin";

if(!$pv["task"]["Manage Admin"]){
 print format_admin_page(format_errmsg("You do not have the privilege to Manage Admin.<br />\n"), $this_title);
 exit();
}

//table list
$r_table_list=get_db_table();
 
//#####POST
if($_POST["do_add"]){
 $fm_add=1;

 //db privilege
 foreach($_POST as $request => $value){
  if(substr($request, 0, 3)=="dt_"){
   $pv_table_p=substr($request, 3);
   $r_pv_table_p=explode("+", $pv_table_p);
   $r_update_pv_table[$r_pv_table_p[0]][$r_pv_table_p[1]]=$value;
  }
 }
 for($i=0;$i<count($r_table_list);$i++){
  $pv_point=0;
  if($r_update_pv_table[$r_table_list[$i]]["view"]){
   $pv_point+=1;
  }
  if($r_update_pv_table[$r_table_list[$i]]["add"]){
   $pv_point+=2;
  }                                             
  if($r_update_pv_table[$r_table_list[$i]]["edit"]){
   $pv_point+=4;
  }
  if($r_update_pv_table[$r_table_list[$i]]["delete"]){
   $pv_point+=8;
  }    
  if(strlen($pv_point)==1){
   $pv_point="0$pv_point";
  }
  $db_pv_point.="$pv_point";
 }
 //end db privilege

 //task privilege
 $task_pv_all=task_pv();
 for($j=0,$t=count($task_pv_all);$j<$t;$j++){
  $apv_t[$j]=$task_pv_all[$j][0];
 }
 foreach($_POST as $apv_p => $value_p){//for each privilege
  if(substr($apv_p, 0, strlen("apved_"))=="apved_"){
   $r_apv_t[substr($apv_p, strlen("apved_"))]=$value_p;
  }
 }
 for($i=0;$i<count($apv_t);$i++){
  if($r_apv_t[$i]){
   $apv_t2="1";
  }else{
   $apv_t2="0";
  }
  $task_pv_point.=$apv_t2;
 }
 //end task privilege

 //email privilege
 $aepv_field=explode(",", $post_s["aae_repv"]);
 foreach($aepv_field as $field){
  $email_pv_fq.=($email_pv_fq? ", " : "").$field;
  $email_pv_vq.=($email_pv_vq? ", " : "")."'".($post_s["ae_$field"]? "y" : "n")."'";
 }

 if(@mysql_num_rows(mysql_query("select * from $db->admin where username='$post_d[username]'"))){
  $errmsg.="Admin '$post_s[username]' already existed in database.<br />\n";
 }
 if(!$errmsg){
  if($post_a["username"] && $post_a["password"]){
   $datetime=ndate("Y-m-d H:i:s");
   $salt = generate_random_code(32);
   $enc_password = md5($post_s["password"].$salt).":".$salt;
   $sql="insert into $db->admin (name, username, password, enc_password, email, pv_db, pv_task".($email_pv_fq? ", $email_pv_fq" : "").", cdate) values ('$post_d[name]', '$post_d[username]', '$post_d[password]', '$enc_password', '$post_a[email]', '$db_pv_point', '$task_pv_point'".($email_pv_vq? ", $email_pv_vq" : "").", '$datetime')";
   if(mysql_query($sql)){
    $msg="Admin Successfully Added.<br />\n";
   }else{
    $errmsg.="Add Admin Failed.<br />\n";
   }
  }else{
   $errmsg="Please enter username and password to add an admin.<br />\n";
  }
 }

 $msg=$msg? format_msg($msg) : "";
 $errmsg=$errmsg? format_err($errmsg) : "";
}//finish add
//#####END POST

//admin detail
$admin_detail="
<table width='240'>
 <tr><td>Name:</td><td><input type='text' name='name' class='inputbox' value=\"$post_s[name]\" /></td></tr>
 <tr><td>Login:</td><td><input type='text' name='username' class='inputbox' value=\"$post_s[username]\" /></td></tr>
 <tr><td>Login Password:</td><td><input type='text' name='password' class='inputbox' value=\"$post_s[password]\" /></td></tr>
 <tr><td>Email:</td><td><input type='text' name='email' class='inputbox' value=\"$post_s[email]\" /></td></tr>
</table>";

//db privilege
for($i=0;$i<count($r_table_list);$i++){           
 $view_checked=($fm_add && $r_update_pv_table[$r_table_list[$i]]["view"]? "checked" : ($r_table_default[$r_table_list[$i]]["view"]? "checked" : ""));
 $add_checked=($fm_add && $r_update_pv_table[$r_table_list[$i]]["add"]? "checked" : ($r_table_default[$r_table_list[$i]]["add"]? "checked" : ""));
 $edit_checked=($fm_add && $r_update_pv_table[$r_table_list[$i]]["edit"]? "checked" : ($r_table_default[$r_table_list[$i]]["edit"]? "checked" : ""));
 $delete_checked=($fm_add && $r_update_pv_table[$r_table_list[$i]]["delete"]? "checked" : ($r_table_default[$r_table_list[$i]]["delete"]? "checked" : ""));
 $table_name=($tr_table[$r_table_list[$i]]["name"]? $tr_table[$r_table_list[$i]]["name"]: $r_table_list[$i]);
 $pv_db_row.="
 <tr><td>$table_name</td><td><input type='checkbox' name='dt_$r_table_list[$i]+view' $view_checked></td><td><input type='checkbox' name='dt_$r_table_list[$i]+add' $add_checked></td><td><input type='checkbox' name='dt_$r_table_list[$i]+edit' $edit_checked></td><td><input type='checkbox' name='dt_$r_table_list[$i]+delete' $delete_checked></td></tr>";
}
$pv_db_d="
<table width='100%'>
 <tr class='ams_header'>
  <td>Table</td>     
  <td>View</td>
  <td>Add</td>  
  <td>Edit</td>
  <td>Delete</td>
 </tr>
 $pv_db_row
</table>";
//end db privilege

//task privilege
$task_pv_all=task_pv();
for($i=0;$i<count($task_pv_all);$i++){
 $checked="";
 if($r_apv_t[$i]){
  $checked="checked";
 }
 $r_task_pv_row[$task_pv_all[$i][2]]="
 <tr>
  <td><input type='checkbox' name='apved_$i' $checked id='apved_$i'> <label for='apved_$i'>".$task_pv_all[$i][0]."</label></td>
 </tr>";
}
for($i=0,$t=count($r_task_pv_row);$i<$t;$i++){
 if(isset($r_task_pv_row[$i])){
  $task_pv_row.=$r_task_pv_row[$i];
 }
}
$pv_task_d="
<table width='100%'>
 <tr class='ams_header'>
  <td>Administrative Task Privileges:</td>
 </tr>
 $task_pv_row
</table>";
//end task privilege

//email privilege
$r=mysql_query("show columns from $db->admin");
for($i=0;$i<mysql_num_rows($r);$i++){
 $ad_field=mysql_result($r, $i);
 if(preg_match('/^re_/', $ad_field)){
  $adminre_fields[]=$ad_field;
 }
}
foreach($adminre_fields as $field){
 $repv_fields.=($repv_fields? "," : "").$field;
 if($field=='re_contact'){
  $pv_email_name="Receive emails from Contact Us";
  $extra_display="<br />\nWhether or not this admin user can receive emails from the Contact Us form.";
 }elseif($field=='re_system'){
  $pv_email_name="Receive emails from System";
  $extra_display="<br />\nWhether or not this admin user can receive emails from the system regarding issues including $vars[ewallet] Automatic Withdrawal and manual withdraw notification.";
 }elseif($field=='re_error'){
  $pv_email_name="Receive emails when there is an error";
  $extra_display="<br />\nWhether or not this admin user can receive emails from the system when there is an error.";
 }else{
  $pv_email_name=preg_replace('/^re_/', '', $field);
  $extra_display="";
 }
 $email_pv_row.="
 <tr>
  <td><input type='checkbox' name='ae_$field' ".($post_s["ae_$field"]? "checked='checked'" : "")." id='ael_$field' /><label for='ael_$field'>$pv_email_name</label>$extra_display</td>
 </tr>";
}
$repv_inputfield="<input type='hidden' name='aae_repv' value=\"$repv_fields\" />";
$pv_email_d=
"<table width='100%'>
 <tr class='ams_header'>
  <td>Email Privileges: $repv_inputfield</td>
 </tr>
 $email_pv_row
</table>";
//end email privilege

$privilege="$pv_task_d<br />\n<br />\n$pv_email_d<br />\n<br />\n$pv_db_d";

$add_admin=" 
$errmsg $msg
<form name='add' method='post' action='$this_file'>
<input type='hidden' name='do_add' value='1' />
<table class='ams_table'>
 <tr class='ams_header'>
  <td width='250'>Admin Details</td>
  <td>Admin Privileges</td>
 </tr>
 <tr class='ams_body'>
  <td>$admin_detail</td>
  <td>$privilege</td>
 </tr>
 <tr><td colspan='2' align='center'><input type='submit' value='Add' class='button' /> <input type='button' value='Back' class='button' onclick=\"window.location='admin_list.php';\"></td></tr>
</table>
</form>";

$content="
<h3>Add Admin</h3>
$add_admin";

print format_admin_page($content, "$vars[admin_title] - $this_title");
?>